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(54) METHOD AND SYSTEM FOR AUTHENTICATED DATA BASE MANAGEMENT 
{57)Abstract: 

PROBLEM TO BE SOLVED: To improve maintainance of an 
authenticated data base by constituting the authenticated data base 
with authenticated data of all users In all authentication management 
areas. 

SOLUTION: The authenticated data base 1 consists of N records 2, 
which each consist of a user name field where a user name as a user 
identifier is written, a password field where a password as a password 
code is written, and an area field. One record is prepared for each 
user and user names set uniquely by the users are written in the user 
name files of the respective records. When a user accesses one of the 
authentication management areas, a user who has succeeded in 
authentication by accessing the authentication management area 
before this access is retrieved preferentially from the authentication 
data base and matched against the current user to perform 
authentication. 
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NOTICES * 

*PO and NCIPI are not responsible for any 
tamages caused by the use of this translation. 

.This document has been translated by computer. So the translation may not reflect the original precisely. 
:.**** shows the word which can not be translated. 
•.In the drawings, any words are not translated. 



:laims 



Claim(s)] 

Claim 1] In the network which the authentication database about all users is installed in each authentication 
nanagement area, and attests a user for every authentication management area while being divided into two or more 
luthentication management area If a user accesses to the authentication management area of one among said 
luthentication management area The user who accessed said authentication management area of 1 before this access, 
md succeeded in authentication is preferentially searched out of said authentication database. The authentication 
iatabase management approach characterized by attesting by collating this searched user and said user who accessed. 
Claim 2] The authentication database-management approach which will be characterized by to attest by searching 
)referentially the user who accessed said authentication management area of 1 by predetermined time or before from 
his access, and succeeded in authentication out of said authentication database, and collating this searched user and 
;aid user who accessed in claim 1 if a user accesses to the authentication management area of one among said 
luthentication management area. 

"Claim 3] In the network which the authentication database about all users is installed in each authentication 
nanagement area, and attests a user for every authentication management area while being divided into two or more 
authentication management area The field where the user identifier by which said each authentication management area 
was attached to a meaning for every user was written in. The authentication database which has two or more records 
:jonstituted by the field where the password sign was written in, and the area field where the sign which shows a 
success of authentication is written in, The sign which shows a success of authentication is written in the area field of 
che record which will be applied to that user if a user is attested with reference to this authentication database and it 
succeeds in a user's authentication. Moreover, an authentication server means to attest by searching preferentially the 
record with which the sign which shows a success of authentication is written in the area field if an authentication 
iemand is received from a user. The authentication database management system characterized by having a network 
access server means to connect with this authentication server means and to transmit an authentication demand of a 
user to said authentication server means. 

[Claim 4] In claim 3, each record which constitutes said authentication database It has fiirther the date field where the 
date which succeeded in authentication is written in. Said authentication server means If a user is attested with 
reference to said authentication database and it succeeds in a user's authentication, while writing the sign which shows 
a success of authentication in the area field of the user's record The date which attested to the date field of the record 
concerning the user is written in. Moreover, the authentication database management system characterized by being a 
means to attest by searching preferentially the record with which the sign which shows a success of authentication is 
written in the area field if an authentication demand is received fi-om a user. 

[Claim 5] The authentication database management system characterized by preparing the date field where the date 
which succeeded in authentication is written in instead of said area field in claim 3. 

[Claim 6] Said authentication server means is an authentication database management system characterized by being 
the means which will rewrite the content of the area field and the date field to predetermined initial value, respectively 
if predetermined time amount passes since the date of said date field in claim 4. 

[Claim 7] Said authentication server means is an authentication database management system characterized by being 
the means which writes in the user identifier uniquely attached to the user identifier field of this added record at the 
user, writes a predetermined password sign in the password sign field, and writes predetermined initial value in the area 
field, when a record is newly added to said authentication database in claim 3. 

[Claim 8] Said authentication server means is an authentication database management system characterized by being 
the means which writes in the user identifier uniquely attached to the user identifier field of this added record at the 
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ser, writes a predetermined password sign in the password sign field, and writes predetermined initial value in a date 
ield, when a record is newly added to said authentication database in claim 4. 
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)ETAILED DESCRIPTION 



Detailed Description of the Invention] 
0001] 

Field of the Invention] This invention divides a network into two or more authentication management area, and relates 
0 the approach and system which install an authentication server for each [ these ] authentication management area of 
;very, and manage an authentication database. 
0002] 

Description of the Prior Art] Generally, when connecting with networks, such as personal computer communications 
md the Internet, through a telephone network etc., a user connects with the access point of every place offered with the 
^ersonal-computer-communications firm, the Internet provider, etc., and is communicating through this access point. 
0003] In order to check whether you are the user of network normal in that case, an authentication server requires the 
nput of a password together with a user name of each user (henceforth a user). And this inputted user name is collated 
A^ith the authentication database beforehand set up in the network, and if both are in agreement, connection of that user 
vill be permitted. 

0004] However, in such personal computer communications etc., since the business was developed on a scale of the 
A^hole country, the number of users also has the place which reaches the magnitude millions in many places, 
iuthentication of the user at the time of access took time amount, and it had become a problem, conventionally how this 
iuthentication time amount is shortened. 

• 0005] Here, a user's authentication in the network in general personal computer communications etc. is explained 
asing drawing. Drawin g 6 is the explanatory view which expressed networks, such as general personal computer 
:ommunications, typically. As showoi in this drawing, the whole network is divided into five authentication 
•nanagement area 10, 20, 30, 40, and 50, and authentication servers 11, 21, 31, 41, and 51 are installed in each 
authentication management area. 

[0006] And two or more connection of the network access servers 12, 22, 32, 42, and 52 which function on each 
authentication server as a router is made, respectively, and each user is connected to an authentication server through 
chese network access servers. In addition, each of authentication servers and network access servers may be realized in 
hardware, if it may realize by software. 

i0007] Now, if the network shown in drawing 6 is applied to the personal computer communication network of national 
.magnitude, districts, such as Kanto, a northeast, and Kinki, correspond, respectively and, as for each authentication 
management area, one authentication server is installed at a time in each [ these ] district. And two or more network 
access servers connected to these authentication servers correspond to the access point installed in the cities, towns and 
villages in each district, for example, Tokyo, Mitaka, Sendai, Osaka, etc., respectively. 

[0008] Therefore, Mitaka-shi, then a user 13 access a user's 13 address in a network through the network access server 
12 of Mitaka-shi which is a nearby access point, and it connects with the authentication server 1 1 which has taken over 
the user authentication of the Kanto district alone. 

[0009] Moreover, although it is natural, authentication will be performed by the authentication server 21 in the 
authentication management area 20, if the user 13 could also access through the network access server of others which 
exist in addition to Mitaka-shi, for example, being accessed through the network access server 22. Thus, in the former, 
the whole network was divided into two or more authentication management area, the authentication server was 
prepared for every authentication management area, and a user's authentication was performed. 
[0010] 

[Problem(s) to be Solved by the Invention] However, in the above conventional authentication management methods 
and systems, in order to enable it to access from any authentication management area, the authentication database 
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quipped with the data about All Users was installed in each authentication management area. Therefore, record count 
)ecame huge with the increment in a user, and there was a trouble that the retrieval time at the time of authentication 
tarted. 

001 1] Moreover, in order to solve such a trouble, there was also the approach of assigning a user for every 
luthentication management area, and miniaturizing an authentication database, but since the authentication database of 
)ther authentication management area would be referred to when the user applicable to the authentication database 
nstalled in the authentication management area accessed in such an approach is not registered, the trouble took time 
imount too was. 

0012] Furthermore, since the users registered for every authentication management area differed when a user is 
issigned for every authentication management area as mentioned above, when an addition, deletion, etc. of 
luthentication management area arose, the authentication database in other authentication management area also had to 
)e changed, and there was a problem in maintainability. In the network which modification of such authentication 
nanagement area produces frequently especially, maintenance of an authentication database was very complicated. 
0013] This invention is for solving such a technical problem, and in the network which has two or more authentication 
nanagement area, even if it seems that authentication time amount can be shortened even if there are many users, and 
luthentication management area may be changed frequently, it aims at offering the authentication database 
nanagement approach and authentication database management system which can perform maintenance easily, 
0014] 

Means for Solving the Problem] In order to attain such an object, the authentication database management approach 
:onceming this invention If a user accesses to the authentication management area of one among said authentication 
nanagement area The user who accessed up Norikazu's authentication management area before this access, and 
mcceeded in authentication is preferentially searched out of the above-mentioned authentication database, and it attests 
^y collating this searched user and the user who did [ above-mentioned ] access. Thus, even if the number of users of 
he authentication database management approach which starts this invention by constituting increases, it can be 
searched in a short time, and maintenance of an authentication database is easy for it. 

0015] Moreover, the authentication database management system concerning this invention The field where the user 
.dentifier by which each authentication management area was attached to a meaning for every user was written in, The 
Authentication database which has two or more records constituted by the field where the password sign was written in, 
ind the area field where the sign which shows a success of authentication is written in, The sign which shows a success 
jf authentication is written in the area field of the record which will be applied to that user if a user is attested with 
reference to this authentication database and it succeeds in a user's authentication. Moreover, an authentication server 
:Tieans to attest by searching preferentially the record with which the sign which shows a success of authentication is 
written in the area field if an authentication demand is received from a user, It connects with this authentication server 
Tieans, and has a network access server means to transmit an authentication demand of a user to the above-mentioned 
authentication server means. Thus, even if the number of users of the authentication database management system 
which starts this invention by constituting increases, it can be searched in a short time, and maintenance of an 
luthentication database is easy for it. 
•0016] 

Embodiment of the Invenfion] Next, the gestalt of one operation of this invention is explained using drawing. Drawing 
i is the explanatory view showing the gestalt of one operation of this invention. As shown in this drawing, the 
luthentication database 1 is constituted by the record 2 of N individual, and each record 2 is constituted by the user 
lame field where the user name which is a user identifier was written in, the password field in which the password 
which is a password sign was written, and the area field. 

. 0017] For example, "taro" is written in the record of #2 of drawin g 1 as a user, and "ABCDwxyz" is written in it as a 
oassword And the value "0" is written in the area field. Similarly, the data about a user "jiro" are written in the record 
3f#n. 

:001 8] Thus, one record is prepared to one user, the user name set as a meaning for every user is written in the user 
aame field of each record, and the password made from the combination of arbitration, such as the alphabet and a 
figure, is written in a password field. And "0" is written in the area field as initial value, and " 1 " will be written in if 
accessed once. 

[0019] Here, the procedure at the time of newly registering a user into an authentication database is explained using 
drawing. Drawing 4 is the explanatory view showing signs that the user was newly registered in an authentication 
database. As shown in this drawing, when a user "hanako" is newly registered into the record of #N+1, "KLMstuvW" is 
written in a password field as a password set as arbitration. And initial value "0" is written in the area field. 
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0020] Next, the procedure of authentication is explained using drawing. Drawing 5 is a flow chart which shows the 
luthentication procedure when using the authentication database concerning drawing 1 for the general network 
:onceming drawing 6 . In addition, although the user 13 of drawing 6 explains taking the case of the procedure which 
iccesses an authentication server 1 1 below, it carries out similarly about other authentication servers. 
0021] First, in step 100, if the authentication demand from a user 13 is transmitted to an authentication server 1 1 
hrough a network access server 12, an authentication server 1 1 v^U start authentication. In step 101, in order to search 
)referentially the user who had already accessed this authentication server 1 1, an authentication server 1 1 starts 
etrieval of the record whose value of the area field in an authentication database is "1." And if there is a corresponding 
ecord, it will shift to step 102, and if there is nothing, it will shift to step 105. 

0022] In step 102, since the record which corresponds in an authentication database was searched, a password is 
collated succeedingly. That is, an authentication server 1 1 collates the entered password and the password of the 
:earched record, and checks whether it is mutually in agreement. And if in agreement, it shifts to step 103, and if not in 
igreement, it will shift to step 106. 

0023] In step 103, since it checked that an authentication server 1 1 was in agreement with that by which the user name 
md password which were entered are registered into the authentication database, a success of authentication is notified 
.0 a network access server 12. Consequently, connection with a network is permitted and, as for a user 13, access to a 
letwork is carried out by the usual procedure. In step 104, an authentication server 1 1 writes the value "1" which shows 
iccess ending in the area field, and ends an authentication procedure. 

0024] On the other hand, in step 105, as for an authentication server 1 1, the value of the area field searches the record 
)f "0." And if there is a corresponding record, it will shift to step 102 and collating of a password etc. will be performed 
ike the above. Moreover, if there is no corresponding record, it will shift to step 106. 

0025] In step 106, a password is not in agreement, the user who accessed into the authentication database is not 
•egistered, or it writes, and the authentication access server 1 1 notifies failure in authentication to a network access 
>erver 12. Consequently, a user 13 is denied connection with a network. 

0026] Next, the gestalt of operation of others of this invention is explained. Drawin g 2 is the explanatory view 
showing the gestalt of operation of others of this invention. It differs in that the date field is prepared instead of being 
:he area field although a strong resemblance to the configuration of dravvdng 1 is born as shown in this drawing. 
[0027] That is, if the date (a date or time of day) which attested is written in at the time of a success of authentication, 
die same effectiveness as the case of drawin g 1 can be acquired by searching preferentially the record with which the 
date was written in at the time of retrieval. 

•0028] Moreover, in the case of drawing 2 , if the date currently written in the date field is supervised periodically and 
fixed time amount passes since the date, the date field of a user with few counts of access will be initialized by 
rewriting a date field to initial value. Consequently, the user who accesses in the authentication management area 10 
frequently can be preferentially searched now, and authentication time amount can be fiirther shortened rather than the 
case of drawin g 1 . 

[0029] Furthermore, since the authentication procedure when using the authentication database of drawing ^ is almost 
the same as that of the case of drawin g 1 , the flow chart of drawin g 5 is followed in general. However, the points 
which write in the date which attested to the date field differ instead of writing in the area field in step 104. Moreover, 
what the authentication database 1 1 supervised the date of a date field periodically, went back from current time of day 
independently with authentication procedure, and carried out fixed time amount progress rewrites the value of the date 
Field to 00. predetermined initial value, "00.00". [ for example, ] 

[0030] Drawin g 3 is the explanatory view showing the gestalt of other operations in the pan of this invention. As shown 
in this drawing, this combined the configuration of drawing 1 , and the configuration of drawin g^ , and is equipped 
with the area field and a date field. Therefore, the step which writes in the date with which the authentication procedure 
of the authentication database of drawing 3 attested after step 104 in the date field according to the flow chart of 
drawing 5 R> 5 in general is newly added. 
[0031] 

[Effect of the Invention] As explained above, since the authentication database is constituted by all users' authentication 
data in all authentication management area, even if authentication management area is changed, the authentication 
database before it can be used for this invention as it is. Therefore, this invention can raise the maintainability of an 
authentication database substantially. Moreover, this invention can make retrieval accelerate by limiting the record 
searched using the area field etc., altiiough the authentication database which registered the user in all area for every 
authentication management area is installed. 
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:ECHNICAL FIELD 

Field of the Invention] This invention divides a network into two or more authentication management area, and relates 
o the approach and system which install an authentication server for each [ these ] authentication management area of 
3 very, and manage an authentication database. 
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>RIOR ART 



Description of the Prior Art] Generally, when connecting with networks, such as personal computer communications 
md the Internet, through a telephone network etc., a user connects with the access point of every place offered with the 
)ersonal-computer-communications firm, the Internet provider, etc., and is conmiunicating through this access point. 
0003] In order to check whether you are the user of network normal in that case, an authentication server requires the 
nput of a password together with a user name of each user (henceforth a user). And this inputted user name is collated 
A^ith the authentication database beforehand set up in the network, and if both are in agreement, connection of that user 
A^ill be permitted. 

0004] However, in such personal computer communications etc., since the business was developed on a scale of the 
A^hole country, the number of users also has the place which reaches the magnitude millions in many places, 
luthentication of the user at the time of access took time amount, and it had become a problem conventionally how this 
luthentication time amount is shortened. 

0005] Here, a user's authentication in the network in general personal computer communications etc. is explained 
ising drawing. Drawing 6 is the explanatory view which expressed networks, such as general personal computer 
:ommunications, typically. As shown in this drawing, the whole network is divided into five authentication 
nanagement area 10, 20, 30, 40, and 50, and authentication servers 11, 21, 31, 41, and 51 are installed in each 
iuthentication management area, 

';;0006] And two or more connection of the network access servers 12, 22, 32, 42, and 52 which function on each 
luthentication server as a router is made, respectively, and each user is connected to an authentication server through 
:hese network access servers. In addition, each of authentication servers and network access servers may be realized in 
•lardware, if it may realize by software. 

! 0007] Now, if the network shown in drawing 6 is applied to the personal computer communication network of national 
magnitude, districts, such as Kanto, a northeast, and Kinki, correspond, respectively and, as for each authentication 
management area, one authentication server is installed at a time in each [ these ] district. And two or more network 
access servers connected to these authentication servers correspond to the access point installed in the cities, tovras and 
tillages in each district, for example, Tokyo, Mitaka, Sendai, Osaka, etc., respectively. 

. 0008] Therefore, Mitaka-shi, then a user 13 access a user's 13 address in a network through the network access server 
12 of Mitaka-shi which is a nearby access point, and it connects with the authentication server 1 1 which has taken over 
:he user authentication of the Kanto district alone. 

: 0009] Moreover, although it is natural, authentication will be performed by the authentication server 21 in the 
authentication management area 20, if the user 13 could also access through the network access server of others which 
ixist in addition to Mitaka-shi, for example, being accessed through the network access server 22. Thus, in the former, 
:he whole network was divided into two or more authentication management area, the authentication server was 
prepared For every authentication management area, and a user's authentication was performed. 
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iFFECT OF THE INVENTION 

Effect of the Invention] As explained above, since the authentication database is constituted by all users* authentication 
lata in all authentication management area, even if authentication management area is changed, the authentication 
latabase before.it can be used for this invention as it is. Therefore, this invention can raise the maintainability of an 
luthentication database substantially. Moreover, this invention can make retrieval accelerate by limiting the record 
learched using the area field etc., although the authentication database which registered the user in all area for every 
luthentication management area is installed. 



Translation done.] 



http://www4.ipdl.ncipi.go.jp/cgi-bin/tran_web_cgi_ejje 



5/13/2005 



P,IM02345,A [TECHNICAL PROBLEM] 



Page 1 of 1 



NOTICES * 

PO and NCI PI are not responsible for any 
lamages caused by the use of this translation. 

This document has been translated by computer. So the translation may not reflect the original precisely. 
•.**** shows the word which can not be translated. 
.In the drawings, any words are not translated. 

^ECHNICAL PROBLEM 

Problem(s) to be Solved by the Invention] However, in the above conventional authentication management methods 
md systems, in order to enable it to access from any authentication management area, the authentication database 
equipped with the data about All Users was installed in each authentication management area. Therefore, record count 
)ecame huge with the increment in a user, and there was a trouble that the retrieval time at the time of authentication 

;tarted. 

00 11] Moreover, in order to solve such a trouble, there was also the approach of assigning a user for every 
luthentication management area, and miniaturizing an authentication database, but since the authentication database of 
)ther authentication management area would be referred to when the user applicable to the authentication database 
nstalled in the authentication management area accessed in such an approach is not registered, the trouble took time 
imount too was. 

0012] Furthermore, since the users registered for every authentication management area differed when a user is 
issigned for every authentication management area as mentioned above, when an addition, deletion, etc. of 
luthentication management area arose, the authentication database in other authentication management area also had to 
le changed, and there was a problem in maintainability. In the network which modification of such authentication 
nanagement area produces frequently especially, maintenance of an authentication database was very complicated. 
0013] This invention is for solving such a technical problem, and in the network which has two or more authentication 
nanagement area, even if it seems that authentication time amount can be shortened even if there are many users, and 
luthentication management area may be changed frequently, it aims at offering the authentication database 
nanagement approach and authentication database, management system which can perform maintenance easily. 

Translation done.] 



http://www4.ipdl.ncipi.go.jp/cgi-bin/tran_web_cgi_ejje 5/1 3/2005 



P,U-1023.45,A [MEANS] 



Page 1 of 2 



NOTICES * 

rpo and NCIPI are not responsible for any 
lamages caused by the use of this translation. 

.This document has been translated by computer. So the translation may not reflect the original precisely. 
:.**** shows the word which can not be translated. 
'.In the drawings, any words are not translated. 



v4EANS 



Means for Solving the Problem] In order to attain such an object, the authentication database management approach 
:onceming this invention If a user accesses to the authentication management area of one among said authentication 
nanagement area The user who accessed up Norikazu's authentication management area before this access, and 
iucceeded in authentication is preferentially searched out of the above-mentioned authentication database, and it attests 
)y collating this searched user and the user who did [ above-mentioned ] access. Thus, even if the number of users of 
he authentication database management approach which starts this invention by constituting increases, it can be 
iearched in a short time, and maintenance of an authentication database is easy for it. 

0015] Moreover, the authentication database management system concerning this invention The field where the user 
dentifier by which each authentication management area was attached to a meaning for every user was written in, The 
luthentication database which has two or more records constituted by the field where the password sign was written in, 
ind the area field where the sign which shows a success of authentication is written in, The sign which shows a success 
)f authentication is written in the area field of the record which will be applied to that user if a user is attested with 
eference to this authentication database and it succeeds in a user's authentication. Moreover, an authentication server 
neans to attest by searching preferentially the record with which the sign which shows a success of authentication is 
ATitten in the area field if an authentication demand is received from a user, It connects with this authentication server 
neans, and has a network access server means to transmit an authentication demand of a user to the above-mentioned 
iuthentication server means. Thus, even if the number of users of the authenfication database management system 
A^hich starts this invention by constituting increases, it can be searched in a short time, and maintenance of an 
iuthentication database is easy for it. 
<:0016] 

"Embodiment of the Invention] Next, the gestalt of one operation of this invendon is explained using drawing. Drawin g 
L is the explanatory view showing the gestalt of one operation of this invention. As shown in this drawing, the 
iuthentication database 1 is constituted by the record 2 of N individual, and each record 2 is constituted by the user 
lame field where the user name which is a user identifier was written in, the password field in which the password 
A^hich is a password sign was written, and the area field. 

r0017] For example, "taro" is written in the record of #2 of drawing 1 as a user, and "ABCDwxyz" is written in it as a 
password. And the value "0" is v^itten in the area field. Similarly, the data about a user "jiro" are written in the record 
3f#n. 

0018] Thus, one record is prepared to one user, the user name set as a meaning for every user is written in the user 
-lame field of each record, and the password made from the combination of arbitration, such as the alphabet and a 
figure, is written in a password field. And "0" is written in the area field as initial value, and "1" will be written in if 
iccessed once. 

0019] Here, the procedure at the time of newly registering a user into an authentication database is explained using 

drawing. Drawing 4 is the explanatory view showing signs that the user was newly registered in an authentication 

database. As shown in this drawing, when a user "hanako" is newly registered into the record of #N+1, "KLMstuvW" is 

written in a password field as a password set as arbitration. And initial value "0" is written in the area field. 

[0020] Next, the procedure of authentication is explained using drawing. Drawing 5 is a flow chart which shows the 

luthentication procedure when using the authentication database concerning drawing 1 for the general network 

concerning drawing 6 . In addition, although the user 13 of drawing 6 explains taking the case of the procedure which 

accesses an authentication server 1 1 below, it carries out similarly about other authentication servers. 

[0021] First, in step 100, if the authentication demand from a user 13 is transmitted to an authentication server 1 1 

through a network access server 12, an authentication server 1 1 will start authentication. In step 101, in order to search . 
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deferentially the user who had already accessed this authentication server 1 1, an authentication server 1 1 starts 
etrieval of the record whose value of the area field in an authentication database is "1." And if there is a corresponding 
ecord, it will shift to step 102, and if there is nothing, it will shift to step 105. 

0022] In step 1 02, since the record which corresponds in an authentication database was searched, a password is 
ollated succeedingly. That is, an authentication server 1 1 collates the entered password and flie password of the 
.earched record, and checks whether it is mutually in agreement. And if in agreement, it shifts to step 103, and if not in 
igreement, it will shift to step 106. 

0023] In step 103, since it checked that an authentication server 1 1 was in agreement with that by which the user name 
md password which were entered are registered into the authentication database, a success of authentication is notified 
0 a network access server 12. Consequently, connection with a network is permitted and, as for a user 13, access to a 
letwork is carried out by the usual procedure. In step 104, an authentication server 1 1 writes the value "1" which shows 
iccess ending in the area field, and ends an authentication procedure. 

0024] On the other hand, in step 105, as for an authentication server 1 1, the value of the area field searches the record 
)f "0." And if there is a corresponding record, it will shift to step 102 and collating of a password etc. will be performed 
ike the above. Moreover, if there is no corresponding record, it will shift to step 106. 

0025] In step 106, a password is not in agreement, the user who accessed into the authentication database is not 
•egistered, or it writes, and the authentication access server 1 1 notifies failure in authentication to a network access 
;erver 12. Consequently, a user 13 is denied connection with a network. 

0026] Next, the gestalt of operation of others of this invention is explained. Drawing 2 is the explanatory view 
ihowing the gestalt of operation of others of this invention. It differs in that the date field is prepared instead of being 
he area field although a strong resemblance to the configuration of drawing 1 is bom as shown in this drawing. 
0027] That is, if the date (a date or time of day) which attested is v^itten in at the time of a success of authentication, 
he same effectiveness as the case of drawing 1 can be acquired by searching preferentially the record with which the 
late was written in at the time of retrieval 

0028] Moreover, in the case of drawing 2 , if the date currently written in the date field is supervised periodically and 
•fixed time amount passes since the date, the date field of a user with few counts of access will be initialized by 
rewriting a date field to initial value. Consequently, the user who accesses in the authentication management area 10 
frequently can be preferentially searched now, and authentication time amount can be further shortened rather than the 
:ase of drawing 1 . 

[0029] Furthermore, since the authentication procedure when using the authentication database of drawing^ is almost 
che same as that of the case of drawin g 1 , the flow chart of drawin g 5 is followed in general. However, the points 
which write in the date which attested to the date field differ instead of writing in the area field in step 104. Moreover, 
what the authentication database 1 1 supervised the date of a date field periodically, went back from current time of day 
independently with authentication procedure, and carried out fixed time amount progress rewrites the value of the date 
field to 00. predetermined initial value, "00.00". [ for example, ] 

•0030] Drawing 3 is the explanatory view showing the gestalt of other operations in the pan of this invention. As shown 
in this drawing, this combined the configuration of drawing 1 , and the configuration of drawing , and is equipped 
with the area field and a date field. Therefore, the step which writes in the date with which the authentication procedure 
jf the authentication database of drawing 3 attested after step 104 in the date field according to the flow chart of 
drawing 5 R> 5 in general is newly added. 
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PO and NCIPI are not responsible for any 
lamages caused by the use of this translation. 

.This document has been translated by computer. So the translation may not reflect the original precisely. 
:.**** shows the word which can not be translated. 
•.In the drawings, any words are not translated. 



)ESCR1PTI0N OF DRAWINGS 



Brief Description of the Drawings] 

Drawing 1] It is the explanatory view showing the gestalt of one operation of this invention. 

' Drawing 2] It is the explanatory view showing the gestalt of operation of others of this invention. 

Drawing 3 ] It is the explanatory view showing the gestalt of operation of others of this invention. 

Draw ing 4] It is the explanatory view showing signs that the user was newly registered in the authentication database 

;onceming drawing 1 . 

Drawing 5] It is the flow chart which shows the authentication procedure concerning this invention. 

Drawing 6] It is the explanatory view showing the network which has two or more authentication management area. 

Description of Notations] 

i [ - An authentication server, 12 22, 32, 42 52 / - A network access server, 13 / - User, ] - An authentication 
latabase, 2 - A record, 10, 20, 30, 40, 50 Authentication management area, 11,21,31,41,51 
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NOTICES * 

PO and NCIPI are not responsible for any 
lamages caused by the use of this translation. 

.This document has been translated by computer. So the translation may not reflect the original precisely. 
:.**** shows the word which can not be translated. 
.In the drawings, any words are not translated. 
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